The present invention relates generally to network security, and more specifically to optimizing firewalls.
A firewall is typically a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. A firewall acts as a security barrier to control traffic and manage connections between internal and external network hosts. The ability of a firewall to centrally administer network security can also be extended to log incoming and outgoing traffic to allow accountability of user actions and to trigger alerts when unauthorized activities occur. The security provided by a firewall is typically defined by a set of rules.
The continuous growth of the Internet, coupled with the increasing sophistication of attacks, is placing stringent demands on firewall performance and on the complexity of firewall design and management. Increased firewall complexity often results in increased vulnerability and reduced availability of individual network services and applications. The protection that a firewall provides is often only as good as both the policies the firewall is configured to implement and the speed at which the firewall enforces those policies. Under attack or heavy load, firewalls can easily become a bottleneck. As network bandwidth and processor speeds continue to increase, the demand for optimizing firewall operations for improved performance also increases.
“Optimization” heuristics have been developed to make firewalls more efficient and dependable. Current techniques for firewall optimization, however, remain static. For example, once a firewall is configured and installed, the firewall is typically left alone. As a result, optimization techniques fail to adapt to the continuously varying dynamics of the network.
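The rule-based, first-match behaviour described above and the static-versus-dynamic point are illustrated by the following added Python example. It is not part of the patent text and does not describe the invention's own method; it implements one common optimization heuristic, re-ordering rules by observed hit counts while refusing any swap that would change which rule wins for some packet. The rule names, the packet representation and the traffic sample are constructed for illustration.

```python
"""Added example (not the patent's own method): a first-match packet filter
whose rules are re-ordered on the fly from observed hit counts, without
changing the policy the rules encode.  Rules, packet format and traffic
are constructed here for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    src: IPv4Network            # source prefix the rule applies to
    dport: Optional[int]        # destination port, None = any
    proto: Optional[str]        # "tcp" / "udp", None = any
    hits: int = 0               # packets matched since the last reorder

    def matches(self, pkt) -> bool:
        return (pkt["src"] in self.src
                and (self.dport is None or self.dport == pkt["dport"])
                and (self.proto is None or self.proto == pkt["proto"]))

    def overlaps(self, other: "Rule") -> bool:
        """True if at least one packet could match both rules."""
        return (self.src.overlaps(other.src)
                and (self.dport is None or other.dport is None
                     or self.dport == other.dport)
                and (self.proto is None or other.proto is None
                     or self.proto == other.proto))


class Firewall:
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default      # action when no rule matches

    def filter(self, pkt) -> str:
        """First matching rule wins; its hit counter feeds the optimizer."""
        for rule in self.rules:
            if rule.matches(pkt):
                rule.hits += 1
                return rule.action
        return self.default

    def cost(self, traffic) -> int:
        """Rule comparisons needed to classify the traffic (lower is faster)."""
        total = 0
        for pkt in traffic:
            for position, rule in enumerate(self.rules, start=1):
                if rule.matches(pkt):
                    total += position
                    break
            else:
                total += len(self.rules)
        return total

    def reorder(self) -> None:
        """Bubble frequently hit rules toward the front.  A rule may only pass
        an earlier rule if the two cannot both match a packet, or if they would
        take the same action anyway; otherwise the swap would change which rule
        wins and therefore change the policy."""
        rules = self.rules
        changed = True
        while changed:
            changed = False
            for i in range(1, len(rules)):
                earlier, later = rules[i - 1], rules[i]
                conflict = earlier.overlaps(later) and earlier.action != later.action
                if later.hits > earlier.hits and not conflict:
                    rules[i - 1], rules[i] = later, earlier
                    changed = True
        for rule in rules:            # start a fresh measurement window
            rule.hits = 0


def build_rules():
    """Constructed policy: guests (10.20.0.0/16) are blocked entirely, and that
    rule must stay ahead of the broad HTTPS allow that follows it."""
    return [
        Rule("block-guest", "deny", ip_network("10.20.0.0/16"), None, None),
        Rule("allow-ssh", "allow", ip_network("10.0.0.0/8"), 22, "tcp"),
        Rule("allow-dns", "allow", ip_network("10.0.0.0/8"), 53, "udp"),
        Rule("allow-https", "allow", ip_network("0.0.0.0/0"), 443, "tcp"),
    ]


def pkt(src, dport, proto):
    return {"src": ip_address(src), "dport": dport, "proto": proto}


# Constructed traffic sample: mostly HTTPS, which the static order checks last.
TRAFFIC = ([pkt("10.1.2.3", 443, "tcp")] * 6
           + [pkt("10.20.5.5", 443, "tcp")]      # guest host, must stay denied
           + [pkt("10.1.2.3", 53, "udp")] * 2
           + [pkt("10.1.2.3", 22, "tcp")])


def demo():
    """Returns (cost before, cost after, new rule order, policy unchanged?)."""
    fw = Firewall(build_rules())
    before_cost = fw.cost(TRAFFIC)
    before = [fw.filter(p) for p in TRAFFIC]    # also accumulates hit counts
    fw.reorder()
    after_cost = fw.cost(TRAFFIC)
    after = [fw.filter(p) for p in TRAFFIC]
    return before_cost, after_cost, [r.name for r in fw.rules], before == after


if __name__ == "__main__":
    print(demo())
```

The guest-blocking rule overlaps the broad HTTPS allow and takes the opposite action, so the optimizer keeps it in front even though HTTPS dominates the sample; the other allow rules are disjoint and float upward freely. Re-running the reorder after each measurement window is what makes the optimization adapt to changing traffic, which is the dynamic behaviour the static approach described above lacks.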
Thus, there remains a need to optimize firewalls in a more dynamic manner.